Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

OpenID Connect is a protocol for authenticating users, built on top of the OAuth 2.0 authorization framework. Using CAS, you can act as an OpenID Connect Provider (OP), authenticating users using the OpenID Connect (OIDC) protocol, or as a relying party (RP) that requests user authorization from an OP.

...

Access tokenA credential that is used to access protected resources. An access token is a string, and represents an authorization that is issued to the client.Authorization EndpointA resource on an OpenID Provider that accepts an authorization request from a client to perform authentication and authorization on a user. The authorization endpoint returns an authorization grant (or code) to the client in the Basic Client Profile. In the Implicit Client Profile, the authorization endpoint returns an ID token and access token to the client.Authorization grantA credential that represents a user’s authorization to access resources. This credential is used by a client to obtain an access token.ClaimInformation that is asserted about an entity. Examples of a claim include a phone number, given name, or surname.ID tokenA JSON Web Token (JWT) that contains claims about the authenticated user.Introspection EndpointA resource on an OpenID Provider that enables a client that holds an access token to retrieve information. The information is used to create the access token (such as the user name, granted scopes, or client ID).OpenID Provider (OP)An OAuth 2.0 authorization server that can provide claims to a client, or Relying Party (RP).Refresh TokenA token that is issued to the client by the OP. The token is used to obtain a new access token when the current access token expires or to obtain more access tokens.Relying Party (RP)Either a WebSphere Application Server configured as an OpenID Connect Client, or a client application that requires claims from an OpenID Provider (OP).ScopePrivilege or permission that is allowed to access resources of a third party.Token EndpointA resource on an OpenID Provider that accepts an authorization grant (or code) from a client in exchange for an access token, ID token, and refresh token.

Endpoints

 

Example with a python client

...